Merge 24Q4 into AOSP main
Bug: 370570306 Merged-In: Id4f43ba150bd476426ace22c7d866ee87d5777a0 Change-Id: Ie0de67f4d904363b95219cc4ef77505a85504a52
This commit is contained in:
Xin Li
commit
fc65b36404
52 changed files with 178 additions and 67 deletions
6
legacy/zuma/vendor/device.te
vendored
6
legacy/zuma/vendor/device.te
vendored
|
|
@ -1,7 +1,6 @@
|
|||
type persist_block_device, dev_type;
|
||||
# device.te
|
||||
type custom_ab_block_device, dev_type;
|
||||
type mfg_data_block_device, dev_type;
|
||||
type ufs_internal_block_device, dev_type;
|
||||
type logbuffer_device, dev_type;
|
||||
type fingerprint_device, dev_type;
|
||||
type uci_device, dev_type;
|
||||
|
|
@ -12,6 +11,3 @@ type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
|
|||
type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
|
||||
# SecureElement SPI device
|
||||
type st54spi_device, dev_type;
|
||||
|
|
|
|||
3
legacy/zuma/vendor/hal_bluetooth_btlinux.te
vendored
3
legacy/zuma/vendor/hal_bluetooth_btlinux.te
vendored
|
|
@ -7,3 +7,6 @@ allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
|
|||
|
||||
# allow the HAL to call cccdktimesync registered callbacks
|
||||
binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)
|
||||
|
||||
# Allow access for AoC properties.
|
||||
get_prop(hal_bluetooth_btlinux, vendor_aoc_prop)
|
||||
|
|
|
|||
4
legacy/zuma/vendor/hal_nfc_default.te
vendored
4
legacy/zuma/vendor/hal_nfc_default.te
vendored
|
|
@ -1,5 +1,7 @@
|
|||
# HAL NFC property
|
||||
get_prop(hal_nfc_default, vendor_nfc_prop)
|
||||
set_prop(hal_nfc_default, vendor_nfc_prop)
|
||||
set_prop(hal_nfc_default, vendor_nfc_antenna_prop)
|
||||
get_prop(untrusted_app, vendor_nfc_antenna_prop)
|
||||
|
||||
# SecureElement property
|
||||
set_prop(hal_nfc_default, vendor_secure_element_prop)
|
||||
|
|
|
|||
3
legacy/zuma/vendor/hal_power_default.te
vendored
3
legacy/zuma/vendor/hal_power_default.te
vendored
|
|
@ -4,4 +4,5 @@ allow hal_power_default sysfs_camera:file rw_file_perms;
|
|||
allow hal_power_default sysfs_em_profile:file rw_file_perms;
|
||||
allow hal_power_default sysfs_display:file rw_file_perms;
|
||||
allow hal_power_default sysfs_trusty:file rw_file_perms;
|
||||
set_prop(hal_power_default, vendor_camera_prop);
|
||||
set_prop(hal_power_default, vendor_camera_prop);
|
||||
allow hal_power_default sysfs_vendor_mm:file rw_file_perms;
|
||||
|
|
|
|||
1
legacy/zuma/vendor/hal_radioext_default.te
vendored
1
legacy/zuma/vendor/hal_radioext_default.te
vendored
|
|
@ -1 +0,0 @@
|
|||
allow hal_radioext_default sysfs_display:file rw_file_perms;
|
||||
|
|
@ -10,3 +10,5 @@ crash_dump_fallback(hal_secure_element_uicc)
|
|||
# Allow hal_secure_element_uicc to access rild
|
||||
binder_call(hal_secure_element_uicc, rild);
|
||||
allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
allow hal_secure_element_uicc hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(hal_secure_element_uicc, servicemanager)
|
||||
|
|
|
|||
2
legacy/zuma/vendor/twoshay.te
vendored
2
legacy/zuma/vendor/twoshay.te
vendored
|
|
@ -1,4 +1,2 @@
|
|||
# Allow ITouchContextService callback
|
||||
binder_call(twoshay, systemui_app)
|
||||
|
||||
binder_call(twoshay, hal_radioext_default)
|
||||
|
|
|
|||
5
legacy/zuma/vendor/ufs_firmware_update.te
vendored
5
legacy/zuma/vendor/ufs_firmware_update.te
vendored
|
|
@ -1,6 +1,4 @@
|
|||
type ufs_firmware_update, domain;
|
||||
type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
# ufs ffu
|
||||
userdebug_or_eng(`
|
||||
init_daemon_domain(ufs_firmware_update)
|
||||
|
||||
|
|
@ -10,3 +8,4 @@ userdebug_or_eng(`
|
|||
allow ufs_firmware_update sysfs:dir r_dir_perms;
|
||||
allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -7,3 +7,6 @@ get_prop(bipchmgr, hwservicemanager_prop);
|
|||
allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
hwbinder_use(bipchmgr)
|
||||
binder_call(bipchmgr, rild)
|
||||
allow bipchmgr hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(bipchmgr, servicemanager)
|
||||
binder_use(bipchmgr)
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
# radio
|
||||
type modem_block_device, dev_type;
|
||||
type modem_userdata_block_device, dev_type;
|
||||
type efs_block_device, dev_type;
|
||||
|
||||
|
|
|
|||
|
|
@ -30,4 +30,5 @@ binder_call(dmd, hwservicemanager)
|
|||
binder_call(dmd, modem_diagnostic_app)
|
||||
binder_call(dmd, modem_logging_control)
|
||||
binder_call(dmd, vendor_telephony_silentlogging_app)
|
||||
binder_call(dmd, liboemservice_proxy_default)
|
||||
add_service(dmd, hal_vendor_modem_logging_service)
|
||||
binder_call(dmd, servicemanager)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@
|
|||
/vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0
|
||||
/vendor/bin/cbd u:object_r:cbd_exec:s0
|
||||
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
|
||||
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
|
||||
/vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0
|
||||
/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
# for grilservice_app domain
|
||||
type grilservice_app, domain;
|
||||
app_domain(grilservice_app)
|
||||
|
||||
|
|
@ -12,8 +13,8 @@ allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
|
|||
allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
|
||||
allow grilservice_app radio_vendor_data_file:file create_file_perms;
|
||||
allow grilservice_app gril_antenna_tuning_service:service_manager find;
|
||||
allow grilservice_app hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(grilservice_app, hal_bluetooth_btlinux)
|
||||
binder_call(grilservice_app, hal_radioext_default)
|
||||
binder_call(grilservice_app, hal_wifi_ext)
|
||||
binder_call(grilservice_app, hal_audiometricext_default)
|
||||
binder_call(grilservice_app, rild)
|
||||
|
|
@ -22,3 +23,6 @@ hal_client_domain(grilservice_app, hal_power_stats)
|
|||
allow grilservice_app sysfs_irq:dir r_dir_perms;
|
||||
allow grilservice_app sysfs_irq:file r_file_perms;
|
||||
get_prop(grilservice_app, telephony_modemtype_prop)
|
||||
# Set modem logging properties
|
||||
set_prop(grilservice_app, vendor_logger_prop)
|
||||
set_prop(grilservice_app, vendor_modem_prop)
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
type hal_radioext_default, domain;
|
||||
type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_radioext_default)
|
||||
|
||||
hwbinder_use(hal_radioext_default)
|
||||
get_prop(hal_radioext_default, hwservicemanager_prop)
|
||||
get_prop(hal_radioext_default, telephony_modemtype_prop)
|
||||
set_prop(hal_radioext_default, vendor_gril_prop)
|
||||
add_hwservice(hal_radioext_default, hal_radioext_hwservice)
|
||||
|
||||
binder_call(hal_radioext_default, servicemanager)
|
||||
binder_call(hal_radioext_default, grilservice_app)
|
||||
binder_call(hal_radioext_default, hal_bluetooth_btlinux)
|
||||
|
||||
# RW /dev/oem_ipc0
|
||||
allow hal_radioext_default radio_device:chr_file rw_file_perms;
|
||||
|
||||
# RW MIPI Freq files
|
||||
allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
|
||||
|
||||
# Bluetooth
|
||||
allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
|
||||
allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find;
|
||||
|
|
@ -3,6 +3,3 @@ vendor.samsung_slsi.telephony.hardware.oemservice::IOemService
|
|||
|
||||
# rild HAL
|
||||
vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal u:object_r:hal_exynos_rild_hwservice:s0
|
||||
|
||||
# GRIL HAL
|
||||
vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ userdebug_or_eng(`
|
|||
|
||||
hal_client_domain(modem_diagnostic_app, hal_power_stats);
|
||||
|
||||
allow modem_diagnostic_app hal_vendor_radio_external_service:service_manager find;
|
||||
allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
binder_call(modem_diagnostic_app, rild)
|
||||
|
||||
|
|
|
|||
|
|
@ -48,3 +48,9 @@ perfetto_producer(modem_svc_sit)
|
|||
allow modem_svc_sit modem_img_file:dir r_dir_perms;
|
||||
allow modem_svc_sit modem_img_file:file r_file_perms;
|
||||
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
|
||||
|
||||
# Allow modem_svc_sit to access socket for UMI
|
||||
userdebug_or_eng(`
|
||||
allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -7,3 +7,6 @@ allow oemrilservice_app radio_service:service_manager find;
|
|||
|
||||
binder_call(oemrilservice_app, rild)
|
||||
set_prop(oemrilservice_app, vendor_rild_prop)
|
||||
|
||||
allow oemrilservice_app hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(oemrilservice_app, servicemanager)
|
||||
|
|
|
|||
|
|
@ -7,3 +7,5 @@ allow radio radio_vendor_data_file:file create_file_perms;
|
|||
allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown };
|
||||
allow radio aoc_device:chr_file rw_file_perms;
|
||||
allow radio scheduling_policy_service:service_manager find;
|
||||
allow radio hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(radio, servicemanager)
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ crash_dump_fallback(rild)
|
|||
|
||||
# for hal service
|
||||
add_hwservice(rild, hal_exynos_rild_hwservice)
|
||||
add_service(rild, hal_vendor_radio_external_service)
|
||||
|
||||
# Allow rild to access files on modem img.
|
||||
allow rild modem_img_file:dir r_dir_perms;
|
||||
|
|
|
|||
|
|
@ -20,4 +20,6 @@ userdebug_or_eng(`
|
|||
allow sced vendor_slog_file:file create_file_perms;
|
||||
allow sced hidl_base_hwservice:hwservice_manager add;
|
||||
allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
|
||||
add_service(sced, hal_vendor_tcpdump_service)
|
||||
binder_call(sced, servicemanager)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Define liboemservice_proxy_service.
|
||||
type liboemservice_proxy_service, hal_service_type, service_manager_type;
|
||||
type liboemservice_proxy_service, hal_service_type, service_manager_type;
|
||||
type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type;
|
||||
|
||||
type hal_vendor_modem_logging_service, hal_service_type, protected_service, service_manager_type;
|
||||
type hal_vendor_tcpdump_service, hal_service_type, protected_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# DMD oemservice aidl proxy.
|
||||
com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
|
||||
com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
|
||||
vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default u:object_r:hal_vendor_radio_external_service:s0
|
||||
vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm0 u:object_r:hal_vendor_modem_logging_service:s0
|
||||
vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm1 u:object_r:hal_vendor_modem_logging_service:s0
|
||||
vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/sced0 u:object_r:hal_vendor_tcpdump_service:s0
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ binder_call(vendor_engineermode_app, rild)
|
|||
|
||||
allow vendor_engineermode_app app_api_service:service_manager find;
|
||||
allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
allow vendor_engineermode_app hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(vendor_engineermode_app, servicemanager)
|
||||
|
||||
userdebug_or_eng(`
|
||||
dontaudit vendor_engineermode_app default_prop:file r_file_perms;
|
||||
|
|
|
|||
|
|
@ -21,3 +21,5 @@ get_prop(vendor_ims_app, vendor_imssvc_prop)
|
|||
userdebug_or_eng(`
|
||||
get_prop(vendor_ims_app, vendor_ims_tiss_prop)
|
||||
')
|
||||
allow vendor_ims_app hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(vendor_ims_app, servicemanager)
|
||||
|
|
|
|||
|
|
@ -5,5 +5,6 @@ net_domain(vendor_rcs_app)
|
|||
allow vendor_rcs_app app_api_service:service_manager find;
|
||||
allow vendor_rcs_app radio_service:service_manager find;
|
||||
allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
allow vendor_rcs_app hal_vendor_radio_external_service:service_manager find;
|
||||
|
||||
binder_call(vendor_rcs_app, rild)
|
||||
|
|
|
|||
|
|
@ -3,4 +3,6 @@ type vendor_satellite_service, domain;
|
|||
app_domain(vendor_satellite_service);
|
||||
allow vendor_satellite_service app_api_service:service_manager find;
|
||||
allow vendor_satellite_service hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
binder_call(vendor_satellite_service, rild)
|
||||
binder_call(vendor_satellite_service, rild)
|
||||
allow vendor_satellite_service hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(vendor_satellite_service, servicemanager)
|
||||
|
|
@ -9,6 +9,9 @@ binder_call(vendor_telephony_debug_app, rild)
|
|||
# RIL property
|
||||
set_prop(vendor_telephony_debug_app, vendor_rild_prop)
|
||||
|
||||
allow vendor_telephony_debug_app hal_vendor_radio_external_service:service_manager find;
|
||||
binder_call(vendor_telephony_debug_app, servicemanager)
|
||||
|
||||
# Debug property
|
||||
set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@ allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
|
|||
allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
|
||||
binder_call(vendor_telephony_silentlogging_app, dmd)
|
||||
binder_call(vendor_telephony_silentlogging_app, sced)
|
||||
allow vendor_telephony_silentlogging_app hal_vendor_modem_logging_service:service_manager find;
|
||||
binder_call(vendor_telephony_silentlogging_app, servicemanager)
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Silent Logging
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
# SEPolicy for System UI
|
||||
typeattribute systemui_app coredomain;
|
||||
app_domain(systemui_app)
|
||||
allow systemui_app app_api_service:service_manager find;
|
||||
|
|
@ -26,3 +27,4 @@ userdebug_or_eng(`
|
|||
allow systemui_app wm_trace_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
set_prop(systemui_app, debug_tracing_desktop_mode_visible_tasks_prop)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,33 @@
|
|||
|
||||
dump_display sysfs file b/322917055
|
||||
dumpstate image_processing_hal binder b/322916328
|
||||
dumpstate image_processing_server binder b/322916328
|
||||
dump_modem sscoredump_vendor_data_coredump_file dir b/361726331
|
||||
dump_modem sscoredump_vendor_data_logcat_file dir b/361726331
|
||||
grilservice_app default_android_service service_manager b/366116096
|
||||
hal_audio_default fwk_stats_service service_manager b/340369535
|
||||
hal_audio_default traced_producer_socket sock_file b/340369535
|
||||
hal_bluetooth_btlinux vendor_aoc_prop file b/353262026
|
||||
hal_bluetooth_btlinux vendor_default_prop property_service b/350830390
|
||||
hal_bluetooth_btlinux vendor_default_prop property_service b/350830756
|
||||
hal_bluetooth_btlinux vendor_default_prop property_service b/350830758
|
||||
hal_gnss_default vendor_gps_prop file b/318310869
|
||||
hal_power_default hal_power_default capability b/350830411
|
||||
hal_wlcservice default_prop file b/350830657
|
||||
hal_wlcservice default_prop file b/350830879
|
||||
incidentd incidentd anon_inode b/322917075
|
||||
kernel sepolicy_file file b/353418189
|
||||
kernel system_bootstrap_lib_file dir b/353418189
|
||||
kernel system_bootstrap_lib_file file b/353418189
|
||||
kernel system_dlkm_file dir b/353418189
|
||||
modem_svc_sit hal_radioext_default process b/368187536
|
||||
modem_svc_sit hal_radioext_default process b/368188020
|
||||
modem_svc_sit modem_ml_svc_sit file b/360060680
|
||||
modem_svc_sit modem_ml_svc_sit file b/360060705
|
||||
sctd sctd tcp_socket b/309550514
|
||||
sctd swcnd unix_stream_socket b/309550514
|
||||
sctd vendor_persist_config_default_prop file b/309550514
|
||||
shell sysfs_net file b/338347525
|
||||
spad spad unix_stream_socket b/309550905
|
||||
swcnd swcnd unix_stream_socket b/309551062
|
||||
shell sysfs_net file b/338347525
|
||||
system_suspend sysfs_touch_gti dir b/350830429
|
||||
system_suspend sysfs_touch_gti dir b/350830680
|
||||
system_suspend sysfs_touch_gti dir b/350830796
|
||||
|
|
|
|||
|
|
@ -1,2 +0,0 @@
|
|||
# b/315105050
|
||||
dontaudit hal_radioext_default radio_vendor_data_file:file { ioctl };
|
||||
|
|
@ -10,5 +10,3 @@ ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_fishfood.x509
|
|||
[@CAMERASERVICES]
|
||||
ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem
|
||||
|
||||
[@EUICCSUPPORTPIXEL]
|
||||
ALL : device/google/zumapro-sepolicy/tracking_denials/certs/EuiccSupportPixel.x509.pem
|
||||
|
|
|
|||
|
|
@ -33,7 +33,4 @@
|
|||
<signer signature="@CAMERASERVICES" >
|
||||
<seinfo value="CameraServices" />
|
||||
</signer>
|
||||
<signer signature="@EUICCSUPPORTPIXEL" >
|
||||
<seinfo value="EuiccSupportPixel" />
|
||||
</signer>
|
||||
</policy>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
# b/314065301
|
||||
|
||||
vendor_internal_prop(vendor_nfc_prop)
|
||||
vendor_restricted_prop(vendor_nfc_antenna_prop)
|
||||
vendor_internal_prop(vendor_battery_profile_prop)
|
||||
vendor_internal_prop(vendor_camera_fatp_prop)
|
||||
vendor_internal_prop(vendor_display_prop)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,3 @@
|
|||
# Domain for EuiccSupportPixel
|
||||
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||
|
||||
# Domain for connectivity monitor
|
||||
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
|
||||
|
||||
|
|
|
|||
4
vendor/device.te
vendored
4
vendor/device.te
vendored
|
|
@ -1,4 +1,8 @@
|
|||
# Device types
|
||||
type lwis_device, dev_type;
|
||||
type tee_persist_block_device, dev_type;
|
||||
type tee_userdata_block_device, dev_type;
|
||||
type hw_jpg_device, dev_type, mlstrustedobject;
|
||||
|
||||
# SecureElement SPI device
|
||||
type st54spi_device, dev_type;
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
# Euiccpixel_app
|
||||
type euiccpixel_app, domain;
|
||||
app_domain(euiccpixel_app)
|
||||
|
||||
|
|
@ -18,4 +19,4 @@ userdebug_or_eng(`
|
|||
')
|
||||
|
||||
# b/265286368 framework UI rendering properties
|
||||
dontaudit euiccpixel_app default_prop:file { read };
|
||||
dontaudit euiccpixel_app default_prop:file { read };
|
||||
1
vendor/file.te
vendored
1
vendor/file.te
vendored
|
|
@ -17,6 +17,7 @@ type sysfs_write_leds, sysfs_type, fs_type;
|
|||
type sysfs_fabric, sysfs_type, fs_type;
|
||||
type sysfs_em_profile, sysfs_type, fs_type;
|
||||
type sysfs_ospm, sysfs_type, fs_type;
|
||||
type sysfs_lhbm, sysfs_type, fs_type;
|
||||
|
||||
# debugfs
|
||||
type vendor_regmap_debugfs, fs_type, debugfs_type;
|
||||
|
|
|
|||
3
vendor/file_contexts
vendored
3
vendor/file_contexts
vendored
|
|
@ -22,7 +22,6 @@
|
|||
/vendor/bin/chre u:object_r:chre_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0
|
||||
/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
|
||||
/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
|
|
@ -39,6 +38,7 @@
|
|||
/vendor/lib64/libhwjpeg\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib64/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
|
||||
|
|
@ -162,6 +162,7 @@
|
|||
/dev/qbt_ipc u:object_r:fingerprint_device:s0
|
||||
/dev/qbt_fd u:object_r:fingerprint_device:s0
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
/dev/fth_fd u:object_r:fingerprint_device:s0
|
||||
/dev/video12 u:object_r:hw_jpg_device:s0
|
||||
|
||||
# Data
|
||||
|
|
|
|||
28
vendor/genfs_contexts
vendored
28
vendor/genfs_contexts
vendored
|
|
@ -29,6 +29,8 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply
|
|||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0
|
||||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/registers_dump u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0
|
||||
|
|
@ -101,6 +103,9 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-m
|
|||
genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/usb1 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/usb2 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.7.auto/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2 u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
|
@ -365,6 +370,8 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctr
|
|||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_option u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_rate_hz u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_interval u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/expected_present_time u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0
|
||||
|
|
@ -375,19 +382,34 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count
|
|||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_rate u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/power_mode u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/fec_dsc_not_supported u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/fec_dsc_supported u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_invalid_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/sink_count_invalid_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_unstable_failures u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_other u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1366_768 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1440_900 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1600_900 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_1920_1080 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_2560_1080 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_2560_1440 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_3440_1440 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_3840_2160 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_5120_2880 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/max_res_7680_4320 u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp2_success_count u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp2_fallback_count u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp2_fail_count u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp1_success_count u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0
|
||||
genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0
|
||||
|
||||
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/local_hbm_delay_frames u:object_r:sysfs_lhbm:s0
|
||||
|
||||
# ACPM
|
||||
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
|
||||
|
|
@ -462,3 +484,7 @@ genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0
|
|||
# Privacy LED
|
||||
genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0
|
||||
genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0
|
||||
|
||||
# CPU
|
||||
genfscon sysfs /kernel/metrics/cpuidle_histogram/cpuidle_histogram u:object_r:sysfs_cpu:s0
|
||||
genfscon sysfs /kernel/metrics/cpuidle_histogram/cpucluster_histogram u:object_r:sysfs_cpu:s0
|
||||
|
|
|
|||
2
vendor/hal_camera_default.te
vendored
2
vendor/hal_camera_default.te
vendored
|
|
@ -1,3 +1,4 @@
|
|||
# for hal_camera_default service
|
||||
allow hal_camera_default self:global_capability_class_set sys_nice;
|
||||
allow hal_camera_default kernel:process setsched;
|
||||
|
||||
|
|
@ -73,7 +74,6 @@ allow hal_camera_default sysfs_display:file r_file_perms;
|
|||
# Allow camera HAL to query preferred camera frequencies from the radio HAL
|
||||
# extensions to avoid interference with cellular antennas.
|
||||
allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
|
||||
binder_call(hal_camera_default, hal_radioext_default);
|
||||
|
||||
# Allows camera HAL to access the hw_jpeg /dev/video12.
|
||||
allow hal_camera_default hw_jpg_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
4
vendor/hal_fingerprint_default.te
vendored
4
vendor/hal_fingerprint_default.te
vendored
|
|
@ -1,3 +1,4 @@
|
|||
# SE policies for fingerprint
|
||||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
|
|
@ -56,3 +57,6 @@ allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms;
|
|||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
|
||||
|
||||
# Allow fingerprint to rw lhbm files
|
||||
allow hal_fingerprint_default sysfs_lhbm:file rw_file_perms;
|
||||
|
|
|
|||
3
vendor/hal_graphics_composer_default.te
vendored
3
vendor/hal_graphics_composer_default.te
vendored
|
|
@ -44,6 +44,9 @@ allow hal_graphics_composer_default vendor_log_file:dir search;
|
|||
|
||||
# allow HWC to access powerstats
|
||||
allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find;
|
||||
allow hal_graphics_composer_default thermal_link_device:dir search;
|
||||
allow hal_graphics_composer_default sysfs_thermal:dir search;
|
||||
allow hal_graphics_composer_default sysfs_thermal:file r_file_perms;
|
||||
binder_call(hal_graphics_composer_default, hal_power_stats_default)
|
||||
|
||||
# allow HWC to access IStats AIDL
|
||||
|
|
|
|||
5
vendor/hal_usb_impl.te
vendored
5
vendor/hal_usb_impl.te
vendored
|
|
@ -26,3 +26,8 @@ allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
|
|||
allow hal_usb_impl device:dir r_dir_perms;
|
||||
allow hal_usb_impl usb_device:chr_file rw_file_perms;
|
||||
allow hal_usb_impl usb_device:dir r_dir_perms;
|
||||
|
||||
# For monitoring usb sysfs attributes
|
||||
allow hal_usb_impl sysfs_wakeup:dir search;
|
||||
allow hal_usb_impl sysfs_wakeup:file r_file_perms;
|
||||
|
||||
|
|
|
|||
3
vendor/keys.conf
vendored
Normal file
3
vendor/keys.conf
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
[@EUICCSUPPORTPIXEL]
|
||||
ALL : device/google/zumapro-sepolicy/vendor/certs/EuiccSupportPixel.x509.pem
|
||||
|
||||
27
vendor/mac_permissions.xml
vendored
Normal file
27
vendor/mac_permissions.xml
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<policy>
|
||||
|
||||
<!--
|
||||
|
||||
* A signature is a hex encoded X.509 certificate or a tag defined in
|
||||
keys.conf and is required for each signer tag.
|
||||
* A signer tag may contain a seinfo tag and multiple package stanzas.
|
||||
* A default tag is allowed that can contain policy for all apps not signed with a
|
||||
previously listed cert. It may not contain any inner package stanzas.
|
||||
* Each signer/default/package tag is allowed to contain one seinfo tag. This tag
|
||||
represents additional info that each app can use in setting a SELinux security
|
||||
context on the eventual process.
|
||||
* When a package is installed the following logic is used to determine what seinfo
|
||||
value, if any, is assigned.
|
||||
- All signatures used to sign the app are checked first.
|
||||
- If a signer stanza has inner package stanzas, those stanza will be checked
|
||||
to try and match the package name of the app. If the package name matches
|
||||
then that seinfo tag is used. If no inner package matches then the outer
|
||||
seinfo tag is assigned.
|
||||
- The default tag is consulted last if needed.
|
||||
-->
|
||||
<!-- google apps key -->
|
||||
<signer signature="@EUICCSUPPORTPIXEL" >
|
||||
<seinfo value="EuiccSupportPixel" />
|
||||
</signer>
|
||||
</policy>
|
||||
3
vendor/property.te
vendored
3
vendor/property.te
vendored
|
|
@ -1,3 +1,4 @@
|
|||
# Vendor property
|
||||
vendor_internal_prop(vendor_camera_prop)
|
||||
vendor_internal_prop(vendor_ro_sys_default_prop)
|
||||
vendor_internal_prop(vendor_persist_sys_default_prop)
|
||||
|
|
@ -10,7 +11,7 @@ vendor_internal_prop(vendor_secure_element_prop)
|
|||
vendor_internal_prop(vendor_trusty_storage_prop)
|
||||
|
||||
# Fingerprint
|
||||
vendor_internal_prop(vendor_fingerprint_prop)
|
||||
vendor_restricted_prop(vendor_fingerprint_prop)
|
||||
|
||||
# Battery
|
||||
vendor_internal_prop(vendor_battery_defender_prop)
|
||||
|
|
|
|||
4
vendor/property_contexts
vendored
4
vendor/property_contexts
vendored
|
|
@ -5,6 +5,10 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0
|
|||
# SecureElement
|
||||
persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
|
||||
|
||||
# NFC
|
||||
persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
|
||||
persist.vendor.nfc.antenna. u:object_r:vendor_nfc_antenna_prop:s0
|
||||
|
||||
# vendor default
|
||||
ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
|
||||
persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0
|
||||
|
|
|
|||
3
vendor/seapp_contexts
vendored
Normal file
3
vendor/seapp_contexts
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# Domain for EuiccSupportPixel
|
||||
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||
|
||||
3
vendor/tee.te
vendored
3
vendor/tee.te
vendored
|
|
@ -1,3 +1,4 @@
|
|||
allow tee tee_persist_block_device:blk_file rw_file_perms;
|
||||
allow tee tee_userdata_block_device:blk_file rw_file_perms;
|
||||
allow tee tee_data_file:lnk_file create;
|
||||
allow tee tee_data_file:lnk_file { create read };
|
||||
allow tee persist_ss_file:lnk_file { create read };
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue